Date: Tue, 23 Feb 1999 03:21:09 -0800 (PST) From: Kris Kennaway <kris@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/sysutils/wmmon Makefile ports/sysutils/wmmon/pkg DESCR Message-ID: <199902231121.DAA63159@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
kris 1999/02/23 03:21:09 PST
Modified files:
sysutils/wmmon Makefile
sysutils/wmmon/pkg DESCR
Log:
The wmmon port likes to install itself setuid root. Unfortunately, it has a
major security hole (and at least one minor one) resulting in a local root
exploit. Until a better fix is available, this patch installs the binary
chmod go-s, meaning you must be root to run it. If anyone is using this in
a multi-user environment they are strongly advised to remove the setuid bit.
Submitted by: Steve Reid <sreid@alpha.sea-to-sky.net>
Revision Changes Path
1.6 +3 -3 ports/sysutils/wmmon/Makefile
1.2 +4 -0 ports/sysutils/wmmon/pkg/DESCR
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902231121.DAA63159>